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IN THE CLAIMS 

1) Please amend Claims 1-20 as follows: 



1 . (Currently Amended) For use in a wireless network comprising a plurality of base 
stations, each of said base stations capable of communicating with a plurality of mobile stations, a 
security device capable of preventing an unprovisioned one of said plurality of mobile stations from 
accessing an Internet protocol (IP) data network through said wireless network, said security device 
comprising: 

a first controller capable of receiving from said unprovisioned mobile station an IP data 
packet comprising an IP packet header and an IP packet pavloa d, determining from said IP data 
packet th at said unprovisioned mobile station is unprovisioned and, in response to said 
determination, and encrypting at least a portion of said IP packet payioad to thereby generate an 
encrypted pavload th at may be decrypted only bv a provisioning server of said wireless network . 



2. (Original) The security device set forth in Claim 1 wherein said first controller is 
disposed in at least one of said plurality of base stations. 

3. (Original) The security device set forth in Claim 1 wherein said first controller is 
disposed in at least one of a mobile switching center and an interworking Amction of said wireless 
network. 
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4. (Original) The security device set forth in Claim 1 further comprising a second 
controller capable of determining that said unprovisioned mobile station is unprovisioned. 

5. • (Currently Amended) The security device set forth in Claim 4- 4 wherein said second 
controller determines that said unprovisioned mobile station is unprovisioned if said unprovisioned 
mobile station is unable to authenticate to said wireless network. 

6. *■ (Currently Amended) The security device set forth in Claim 4 4 wherein said second 
controller determines that said unprovisioned mobile station is unprovisioned according to a 
predetermined telephone number associated with a service provisioning process selected by said 
unprovisioned mobile station. 

7. (Currently Amended) The security device set forth in Claim 4- 4 wherein said second 
controller determines that said unprovisioned mobile station is unprovisioned according to data 
retrieved from a home location register associated with said wireless network. 

8. (Original) The security device set forth in Claim t wherein said first controller 
comprises a data processor capable of executing an encryption program stored in a memory 
associated with said data processor. 
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9. (Currently Amended) A wireless network comprising: 

a plurality of base stations, each of said base stations capable of communicating with a 

plurality of mobile stations; and 

a security device capable of preventing an unprovisioned one of said plurality of mobile 

stations from accessing an Internet protocol (IP) data network through said wireless network, said 

security device comprising: 

a first controller capable of receiving from said unprovisioned mobile station an IP 
data packet comprising an IP packet header and an IP packet navloa d. determining from said 
IP data packet that said unprovisioned mobile station is unprovisioned and, in response to 
said determination, ted encrypting at least a portion of said IP packet pavload to thereby 
generate an encrypted pavload that mav be decrypted only by a provisioning server of said 
wireless network . 

1 0. (Original) The wireless network set forth in Claim 9 wherein said first controller is 
disposed in at least one of said plurality of base stations. 

1 1 . (Original) The wireless network set forth in Claim 9 wherein said first controller is 
disposed in at least one of a mobile switching center and an interworking function of said wireless 
network. 
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12. (Original) The wireless network set forth in Claim 9 further comprising a second 
controller capable of determining that said unprovisioned mobile station is unprovisioned. 

13. (Currently Amended) The wireless network set forth in Claim 9 12 wherein said 
second controller determines that said unprovisioned mobile station is unprovisioned if said 
unprovisioned mobile station is unable to authenticate to said wireless network. 

14. (Currently Amended) The wireless network set forth in Claim 9 12 wherein said 
second controller determines that said unprovisioned mobile station is unprovisioned according to a 



predetermined telephone number associated with a service provisioning process selected by said 
unprovisioned mobile station. 



data retrieved from a home location register associated with said wireless network. 

16. (Original) The wireless network set forth in Claim 9 wherein said first controller 
comprises a data processor capable of executing an encryption program stored in a memory 
associated with said data processor. 




15. (Currently Amended) The wireless network set forth in Claim 9 12 wherein said 
second controller determines that said unprovisioned mobile station is unprovisioned according to 
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1 7. (Currently Amended) For use in a wireless network comprising a plurality of base 
stations, each of the base stations capable of communicating with a plurality of mobile stations, a 
method of preventing an unprovisioned one of the plurality of mobile stations from accessing an 
Internet protocol (IP) data network through the wireless network, the method comprising the steps of: 

receiving from the unprovisioned mobile station an IP data packet comprising an DP packet 
header and an IP packet payload; 

determining that the unprovisioned mobile station is unprovisioned; and 



encrypting at least a portion of the IP packet payload to thereby generate an encrypted 
pavload that may he decrypted only bv a provisioning server of said wireless network . 

18. (Original) The method set forth in Claim 17 wherein the step of determining 
comprises the step of determining that the unprovisioned mobile station is unable to authenticate to 
the wireless network. 

19. (Original) The method set forth in Claim 17 wherein the step of determining 
comprises the step of determining that the unprovisioned mobile station selected a predetermined 
telephone number associated with a service provisioning process. 
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20. {Original) The method set forth in Claim 1 7 wherein the step of determining that the 
^ unprovisioned mobile station is unprovisioned comprises the step of examining data retrieved from a 
home location register associated with the wireless network. 
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